I found out by accident, here, that for openssl
version 1.1.0:
-md digest
Use the specified digest to create the key from the passphrase. The default algorithm is sha-256.
So, there is no point of specifying the message digest algorithm for the newer version of openssl
as it already uses SHA-256.
But since on my system there is openssl
version 1.0.2g, I dug further and found out, here, that:
... In OpenSSL 1.1.0 we changed from MD5 to SHA-256 ...
Essentially, this means, my openssl
will by default use the old and obsolete MD5.
Luckily, this can be changed to SHA-256 with openssl
version 1.0.2g:
openssl enc -aes-256-cbc -md sha256 -salt -in somefile -out somefile.enc
If you have an older openssl
version than me, you might want to try -md sha1
, if the above fails.
-salt
has been the default for over a decade, nearly two.